CloudWatch Observability
Amazon CloudWatch Observability for Amazon Elastic Kubernetes Service (EKS) is provided by the Amazon CloudWatch Observability EKS Add-on. When enabled, it can provide:
- Container Insights: Metrics and dashboards for the EKS cluster and workloads. For information, see Container Insights.
- Container Log Collection: Use the provided Fluent Bit component to send pod logs to CloudWatch Logs.
- Application Signals: An application performance monitoring solution to monitor application behaviour and performance. For information, see Application Signals.
important
You will incur additional AWS costs when enabling or using CloudWatch Observability features (metrics, logs, and/or application monitoring). For pricing details, see Amazon CloudWatch Pricing.
Enabling the CloudWatch Observability EKS Add-on
You can enable and configure the CloudWatch Observability EKS Add-on during bootstrap (and during subsequent bootstrap re-runs).
Configure the following flags in your docker-compose.override.yml (bootstrap configuration):
- enable_cloudwatch_observability_addon: enables/disables installation of the CloudWatch Observability EKS Add-on.
- enable_cloudwatch_observability_enhanced_container_insights: enables enhanced Container Insights metrics collection.
- enable_cloudwatch_observability_container_logs: enables container log collection via the add-on.
- enable_cloudwatch_observability_application_signals: enables Application Signals (application performance monitoring) support in the add-on.
tip
For general information on applying configuration changes in the docker-compose.override.yml, see Updating Cluster Configuration.
Container Insights
Container Insights collects granular health, performance, and status metrics up to the container level, and also control plane metrics. Container Insights also provides diagnostic information, such as container restart failures, to help you isolate issues and resolve them quickly. You can also set CloudWatch alarms on metrics that Container Insights collects. For general information, see Container Insights.
To enable Container Insights, set and apply the following in your docker-compose.override.yml file:
enable_cloudwatch_observability_addon: "true"
enable_cloudwatch_observability_enhanced_container_insights: "true"
CloudWatch Logs
The EKS Observability add-on can forward pod logs to CloudWatch Logs using Fluent Bit. If you are already using the existing Fluentd-based mechanism (controlled by TF_VAR_aws_enable_cloudwatch_logging) to forward logs to CloudWatch, you can continue to use it, or you can switch to the new mechanism provided by the EKS add-on.
caution
Do not enable both TF_VAR_aws_enable_cloudwatch_logging and enable_cloudwatch_observability_addon at the same time. CloudOps for Kubernetes will fail bootstrap if both are enabled, because both approaches attempt to manage the same Kubernetes namespace (amazon-cloudwatch).
If you want CloudWatch log collection, choose exactly one approach:
- Option: use the legacy Fluentd log forwarding: set TF_VAR_aws_enable_cloudwatch_logging: "true" and enable_cloudwatch_observability_container_logs: "false".
- Option: use the newer add-on log collection: set enable_cloudwatch_observability_addon: "true" and enable_cloudwatch_observability_container_logs: "true", and keep TF_VAR_aws_enable_cloudwatch_logging: "false".
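A pre-bootstrap check for the flag combinations described above, as an added example that is not part of CloudOps for Kubernetes. It assumes the flags appear one per line as `name: "true"` or `- name=true` in docker-compose.override.yml and that an absent flag counts as false; the function names and the sample text are constructed here.

```python
import re

# Flag names come from the page. Assumptions: flags appear one per line as
# `name: "true"` or `- name=true`, and a flag that is absent counts as false.
FLAG_RE = re.compile(
    r'^\s*-?\s*([A-Za-z_]\w*)\s*[:=]\s*"?(true|false)"?\s*(?:#.*)?$', re.I)
LEGACY = "TF_VAR_aws_enable_cloudwatch_logging"
ADDON = "enable_cloudwatch_observability_addon"
ADDON_LOGS = "enable_cloudwatch_observability_container_logs"
SUB_FLAGS = (
    "enable_cloudwatch_observability_enhanced_container_insights",
    ADDON_LOGS,
    "enable_cloudwatch_observability_application_signals",
)

def parse_flags(text):
    """Return {flag: bool} for each boolean flag line; the last occurrence wins."""
    flags = {}
    for line in text.splitlines():
        m = FLAG_RE.match(line)
        if m:
            flags[m.group(1)] = m.group(2).lower() == "true"
    return flags

def check_logging_flags(text):
    """Return (severity, message) findings for the CloudWatch flag combinations."""
    flags = parse_flags(text)
    on = lambda name: flags.get(name, False)
    findings = []
    if on(LEGACY) and on(ADDON):
        findings.append(("error", f"{LEGACY} and {ADDON} are both true: bootstrap "
                         "fails, both manage the amazon-cloudwatch namespace"))
    if on(LEGACY) and on(ADDON_LOGS):
        findings.append(("warning", f"set {ADDON_LOGS} to false with legacy Fluentd"))
    for name in SUB_FLAGS:
        if on(name) and not on(ADDON):
            findings.append(("warning", f"{name} is true but {ADDON} is not"))
    if not on(LEGACY) and not (on(ADDON) and on(ADDON_LOGS)):
        findings.append(("warning", "no pod log forwarding to CloudWatch Logs"))
    return findings

# Constructed sample: both mechanisms enabled, the case the caution describes.
SAMPLE = '''
TF_VAR_aws_enable_cloudwatch_logging: "true"
enable_cloudwatch_observability_addon: "true"
enable_cloudwatch_observability_container_logs: "true"
'''

if __name__ == "__main__":
    for severity, message in check_logging_flags(SAMPLE):
        print(f"{severity}: {message}")
```

Pass the contents of the override file to `check_logging_flags` before running bootstrap and stop on any `error` finding.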
Application Signals and workload instrumentation
Application Signals is an application performance monitoring solution to monitor application behaviour and performance. For general information, see Application Signals.
Using the Application Signals integration requires two steps.
Step 1: Application Signals in the add-on
Set and apply the following in your docker-compose.override.yml file:
enable_cloudwatch_observability_addon: "true"
enable_cloudwatch_observability_application_signals: "true"
Step 2: Annotate and re-deploy the applications that you want to monitor
Enabling Application Signals in the add-on does not automatically instrument any applications. Applications must be explicitly annotated to opt in to be monitored, so you have control over CloudWatch costs. To instrument a Java workload, you need to add this pod-template annotation:
instrumentation.opentelemetry.io/inject-java: "true"
CloudOps for Kubernetes supports configuring these annotations for common components:
- Jenkins: set and apply TF_VAR_jenkins_enable_cloudwatch_apm: "true" in your docker-compose.override.yml file. This will add the annotation.
- Commerce Stack: specify the annotation in the relevant *_pod_annotations maps, in the Commerce Stack tfvars file used by your deployment. These files are found under terraform/commerce-stack/env-file.
- ActiveMQ: specify the annotation in activemq_pod_annotations, in the ActiveMQ tfvars file used by your deployment. These files are found under terraform/activemq/env-file.